zend-escaper icon indicating copy to clipboard operation
zend-escaper copied to clipboard
verified publisher icon zendframework

Documentation for the "Good" URL escaping is still not good

Open stof opened this issue 7 years ago • 1 comments

  • [x] I was not able to find an open or closed issue matching what I'm seeing.
  • [x] This is not a question. (Questions should be asked on chat (Signup here) or our forums.)

The example used on https://docs.zendframework.com/zend-escaper/escaping-url/ is not only building a URL. It is also outputting this URL in an HTML context. So this is a case of nested contexts:

  • the name must be escaped as URL component (good)
  • the whole URL must be escaped as HTML attribute value (not good currently)

This is kind of unfortunate to show this as a good usage of escaping when a previous chapter was precisely warning about nested contexts.

The example should either be improved to apply the necessary HTML escaping, or be replaced by another example using the URL in a non-HTML context.

stof avatar May 18 '18 08:05 stof

This repository has been closed and moved to laminas/laminas-escaper; a new issue has been opened at https://github.com/laminas/laminas-escaper/issues/1.

weierophinney avatar Dec 31 '19 21:12 weierophinney